Please check this post. One difference there is that the ACL is also applied to the mgmt VRF; the other is that with this ACL you block all SSH and HTTPS traffic across the default VRF, because you do a deny to any in lines 40-70, not just to the switch IP.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Oct 24, 2022 09:30 AM
From: Leigh Weems
Subject: Restrict access to Network Team static IPs only
I am wanting to restrict access to our OS-CX line switches (Aruba 6300) to just our Network Support team's laptops, their assigned VMs and our Orion server for SNMP. I created an ACL on the VRF for SSH and HTTPS for the 6 workstations plus our Orion server on one of our 6 closets as a test (that closet is on VLAN 111 instead of VLAN 211). When I go to test this, I can access the switch stack from my laptop with a static IP of 211.23 and can access it from my VM with a static of 152.11, and I am unable to access it via WiFi (VLAN 22). However, when I go to another workstation on VLAN 211, I can access it. Does the ACL to the VRF only restrict by networks and not single IPs? I wanted to test on this closet first as it has the least number of connections and I don't have another OS-CX switch in my lab to test with. If I can verify this works, I will copy it to our Core switches too.